Fortigate to Cisco ASA Site to Site VPN
Nov24

Fortigate to Cisco ASA Site to Site VPN

KB ID 0001717 Problem Continuing with my ‘Learn some Fortigate’ theme’. One of the basic requirements of any edge firewall is site to site VPN. As the bulk of my knowledge is Cisco ASA it seems sensible for me to work out how to VPN both those firewalls together, like so; Well that’s the pretty picture, I’m building this EVE-NG so here’s what my workbench topology looks like; Disclaimer (Read First!...

Read More
Which Firepower To Replace Your ASA 5500-X?
Oct01

Which Firepower To Replace Your ASA 5500-X?

KB ID 0001705 Problem Well (at time of writing) only the ASA5516-X remains on sale (officially.) You may be able to get stock of the remainder of the ASA5500-X series as people clear their shelves, or they may be available as ‘refurb’ stock but they are disappearing. So you would think that the replacements would be better documented? Well it’s sketchy at best, and when you look a the data sheets for the new FPR...

Read More
macOS – SSH Error ‘No Matching Exchange Method Found’
Sep13

macOS – SSH Error ‘No Matching Exchange Method Found’

KB ID 0001245  Problem Note Certified working all the way up to macOS Big Sur version 11.0.1 I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error;   Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1 Note: You may also see the...

Read More
AnyConnect: ‘Quick and Dirty’ Duo 2FA
Sep01

AnyConnect: ‘Quick and Dirty’ Duo 2FA

KB ID 0001701 Problem Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article; AnyConnect: Enable Duo 2Factor Authentication However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to do that, you can just point the firewall directly at Duo’. I was initially skeptical but I tried...

Read More
AnyConnect: Unauthorized Connection Mechanism
Aug27

AnyConnect: Unauthorized Connection Mechanism

KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on? The reason why...

Read More
AnyConnect: Allow ‘Local’ LAN Access
Jul22

AnyConnect: Allow ‘Local’ LAN Access

KB ID 0001689 Problem Note: This WONT WORK if you ‘force-tunnel’ or ‘tunnel-all’ remote VPN traffic, (if you are unsure Google ‘what’s my ip’ > Take note of it > Connect to AnyConnect and repeat the procedure, if your public IP address has changed to the IP address of the ASA then you force-tunnel/tunnel-all traffic). With more people remote working now, I’m getting a lot more...

Read More